diff options
author | Guido Trentalancia <guido@trentalancia.net> | 2017-05-25 12:53:07 +0200 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-06-06 01:16:18 +0800 |
commit | 16ad490b87e5629bafc5251261fc294340096fe9 (patch) | |
tree | 6933db6889aca7a36d9397e78b901d7c47a1b961 | |
parent | dbus: let session bus daemon manage user runtime dirs (diff) | |
download | hardened-refpolicy-16ad490b.tar.gz hardened-refpolicy-16ad490b.tar.bz2 hardened-refpolicy-16ad490b.zip |
zabbix: Grant zabbix_agent_t to call setrlimit on self
Zabbix Agent wants to disable core dumps on its process
or it refuses to start.
See zabbix bug ZBX-10542
-rw-r--r-- | policy/modules/contrib/zabbix.te | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/policy/modules/contrib/zabbix.te b/policy/modules/contrib/zabbix.te index 3f45497a..5d57a2af 100644 --- a/policy/modules/contrib/zabbix.te +++ b/policy/modules/contrib/zabbix.te @@ -1,4 +1,4 @@ -policy_module(zabbix, 1.10.1) +policy_module(zabbix, 1.10.2) ######################################## # @@ -133,7 +133,7 @@ optional_policy(` # allow zabbix_agent_t self:capability { setgid setuid }; -allow zabbix_agent_t self:process { setsched getsched signal }; +allow zabbix_agent_t self:process { setsched getsched signal setrlimit }; allow zabbix_agent_t self:fifo_file rw_fifo_file_perms; allow zabbix_agent_t self:sem create_sem_perms; allow zabbix_agent_t self:shm create_shm_perms; |